Date
July 3, 2025, 11:10 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 19.228872] ================================================================== [ 19.228996] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x418/0x488 [ 19.229136] Write of size 1 at addr fff00000c6345878 by task kunit_try_catch/142 [ 19.229257] [ 19.229334] CPU: 0 UID: 0 PID: 142 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 19.229511] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.229570] Hardware name: linux,dummy-virt (DT) [ 19.229641] Call trace: [ 19.229699] show_stack+0x20/0x38 (C) [ 19.229807] dump_stack_lvl+0x8c/0xd0 [ 19.229912] print_report+0x118/0x608 [ 19.230646] kasan_report+0xdc/0x128 [ 19.231068] __asan_report_store1_noabort+0x20/0x30 [ 19.231227] kmalloc_track_caller_oob_right+0x418/0x488 [ 19.231403] kunit_try_run_case+0x170/0x3f0 [ 19.231556] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.231715] kthread+0x328/0x630 [ 19.231817] ret_from_fork+0x10/0x20 [ 19.231972] [ 19.232054] Allocated by task 142: [ 19.232152] kasan_save_stack+0x3c/0x68 [ 19.232280] kasan_save_track+0x20/0x40 [ 19.232383] kasan_save_alloc_info+0x40/0x58 [ 19.232482] __kasan_kmalloc+0xd4/0xd8 [ 19.232584] __kmalloc_node_track_caller_noprof+0x194/0x4b8 [ 19.232683] kmalloc_track_caller_oob_right+0x184/0x488 [ 19.232771] kunit_try_run_case+0x170/0x3f0 [ 19.232850] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.232941] kthread+0x328/0x630 [ 19.233009] ret_from_fork+0x10/0x20 [ 19.233094] [ 19.233134] The buggy address belongs to the object at fff00000c6345800 [ 19.233134] which belongs to the cache kmalloc-128 of size 128 [ 19.233876] The buggy address is located 0 bytes to the right of [ 19.233876] allocated 120-byte region [fff00000c6345800, fff00000c6345878) [ 19.234053] [ 19.234120] The buggy address belongs to the physical page: [ 19.234182] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106345 [ 19.234524] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.234695] page_type: f5(slab) [ 19.234788] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.234896] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.234993] page dumped because: kasan: bad access detected [ 19.235077] [ 19.235117] Memory state around the buggy address: [ 19.235187] fff00000c6345700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.235285] fff00000c6345780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.235380] >fff00000c6345800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.235464] ^ [ 19.235557] fff00000c6345880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.235661] fff00000c6345900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.235785] ================================================================== [ 19.220041] ================================================================== [ 19.220650] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x40c/0x488 [ 19.220838] Write of size 1 at addr fff00000c6345778 by task kunit_try_catch/142 [ 19.220975] [ 19.221124] CPU: 0 UID: 0 PID: 142 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT [ 19.221383] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.221468] Hardware name: linux,dummy-virt (DT) [ 19.221573] Call trace: [ 19.221646] show_stack+0x20/0x38 (C) [ 19.221798] dump_stack_lvl+0x8c/0xd0 [ 19.222125] print_report+0x118/0x608 [ 19.222253] kasan_report+0xdc/0x128 [ 19.222356] __asan_report_store1_noabort+0x20/0x30 [ 19.222595] kmalloc_track_caller_oob_right+0x40c/0x488 [ 19.223121] kunit_try_run_case+0x170/0x3f0 [ 19.223312] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.223487] kthread+0x328/0x630 [ 19.223634] ret_from_fork+0x10/0x20 [ 19.223790] [ 19.223855] Allocated by task 142: [ 19.223929] kasan_save_stack+0x3c/0x68 [ 19.224042] kasan_save_track+0x20/0x40 [ 19.224114] kasan_save_alloc_info+0x40/0x58 [ 19.224192] __kasan_kmalloc+0xd4/0xd8 [ 19.224271] __kmalloc_node_track_caller_noprof+0x194/0x4b8 [ 19.224786] kmalloc_track_caller_oob_right+0xa8/0x488 [ 19.224976] kunit_try_run_case+0x170/0x3f0 [ 19.225078] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.225174] kthread+0x328/0x630 [ 19.225245] ret_from_fork+0x10/0x20 [ 19.225320] [ 19.225362] The buggy address belongs to the object at fff00000c6345700 [ 19.225362] which belongs to the cache kmalloc-128 of size 128 [ 19.225481] The buggy address is located 0 bytes to the right of [ 19.225481] allocated 120-byte region [fff00000c6345700, fff00000c6345778) [ 19.225619] [ 19.225699] The buggy address belongs to the physical page: [ 19.225765] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106345 [ 19.226168] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.226291] page_type: f5(slab) [ 19.226376] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.226597] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.226683] page dumped because: kasan: bad access detected [ 19.226898] [ 19.226942] Memory state around the buggy address: [ 19.227015] fff00000c6345600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.227130] fff00000c6345680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.227221] >fff00000c6345700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.227323] ^ [ 19.227456] fff00000c6345780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.227597] fff00000c6345800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.227681] ==================================================================
[ 10.936637] ================================================================== [ 10.937098] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520 [ 10.937452] Write of size 1 at addr ffff8881027a9a78 by task kunit_try_catch/159 [ 10.937897] [ 10.938015] CPU: 1 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 10.938057] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.938068] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.938088] Call Trace: [ 10.938099] <TASK> [ 10.938112] dump_stack_lvl+0x73/0xb0 [ 10.938151] print_report+0xd1/0x650 [ 10.938172] ? __virt_addr_valid+0x1db/0x2d0 [ 10.938194] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 10.938227] ? kasan_complete_mode_report_info+0x2a/0x200 [ 10.938248] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 10.938272] kasan_report+0x141/0x180 [ 10.938292] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 10.938320] __asan_report_store1_noabort+0x1b/0x30 [ 10.938340] kmalloc_track_caller_oob_right+0x4c8/0x520 [ 10.938375] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 10.938400] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 10.938424] ? trace_hardirqs_on+0x37/0xe0 [ 10.938447] ? __pfx_read_tsc+0x10/0x10 [ 10.938468] ? ktime_get_ts64+0x86/0x230 [ 10.938490] kunit_try_run_case+0x1a5/0x480 [ 10.938518] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.938541] ? queued_spin_lock_slowpath+0x116/0xb40 [ 10.938563] ? __kthread_parkme+0x82/0x180 [ 10.938582] ? preempt_count_sub+0x50/0x80 [ 10.938605] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.938627] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.938648] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.938670] kthread+0x337/0x6f0 [ 10.938688] ? trace_preempt_on+0x20/0xc0 [ 10.938708] ? __pfx_kthread+0x10/0x10 [ 10.938728] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.938747] ? calculate_sigpending+0x7b/0xa0 [ 10.938769] ? __pfx_kthread+0x10/0x10 [ 10.938789] ret_from_fork+0x116/0x1d0 [ 10.938806] ? __pfx_kthread+0x10/0x10 [ 10.938825] ret_from_fork_asm+0x1a/0x30 [ 10.938855] </TASK> [ 10.938865] [ 10.946598] Allocated by task 159: [ 10.946784] kasan_save_stack+0x45/0x70 [ 10.946986] kasan_save_track+0x18/0x40 [ 10.947191] kasan_save_alloc_info+0x3b/0x50 [ 10.947442] __kasan_kmalloc+0xb7/0xc0 [ 10.947594] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 10.947837] kmalloc_track_caller_oob_right+0x99/0x520 [ 10.948006] kunit_try_run_case+0x1a5/0x480 [ 10.948247] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.948556] kthread+0x337/0x6f0 [ 10.948724] ret_from_fork+0x116/0x1d0 [ 10.948856] ret_from_fork_asm+0x1a/0x30 [ 10.948992] [ 10.949061] The buggy address belongs to the object at ffff8881027a9a00 [ 10.949061] which belongs to the cache kmalloc-128 of size 128 [ 10.949735] The buggy address is located 0 bytes to the right of [ 10.949735] allocated 120-byte region [ffff8881027a9a00, ffff8881027a9a78) [ 10.950369] [ 10.950442] The buggy address belongs to the physical page: [ 10.950619] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027a9 [ 10.951299] flags: 0x200000000000000(node=0|zone=2) [ 10.951550] page_type: f5(slab) [ 10.951721] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 10.952020] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 10.952507] page dumped because: kasan: bad access detected [ 10.952720] [ 10.952817] Memory state around the buggy address: [ 10.953003] ffff8881027a9900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 10.953436] ffff8881027a9980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.953724] >ffff8881027a9a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 10.953998] ^ [ 10.954522] ffff8881027a9a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.954797] ffff8881027a9b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.955091] ================================================================== [ 10.955787] ================================================================== [ 10.956154] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4b1/0x520 [ 10.956692] Write of size 1 at addr ffff8881027a9b78 by task kunit_try_catch/159 [ 10.956923] [ 10.957007] CPU: 1 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 10.957045] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.957056] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.957075] Call Trace: [ 10.957086] <TASK> [ 10.957098] dump_stack_lvl+0x73/0xb0 [ 10.957135] print_report+0xd1/0x650 [ 10.957157] ? __virt_addr_valid+0x1db/0x2d0 [ 10.957178] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 10.957201] ? kasan_complete_mode_report_info+0x2a/0x200 [ 10.957222] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 10.957245] kasan_report+0x141/0x180 [ 10.957266] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 10.957294] __asan_report_store1_noabort+0x1b/0x30 [ 10.957314] kmalloc_track_caller_oob_right+0x4b1/0x520 [ 10.957337] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 10.957361] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 10.957383] ? trace_hardirqs_on+0x37/0xe0 [ 10.957405] ? __pfx_read_tsc+0x10/0x10 [ 10.957471] ? ktime_get_ts64+0x86/0x230 [ 10.957496] kunit_try_run_case+0x1a5/0x480 [ 10.957519] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.957542] ? queued_spin_lock_slowpath+0x116/0xb40 [ 10.957564] ? __kthread_parkme+0x82/0x180 [ 10.957583] ? preempt_count_sub+0x50/0x80 [ 10.957605] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.957627] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.957648] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.957670] kthread+0x337/0x6f0 [ 10.957688] ? trace_preempt_on+0x20/0xc0 [ 10.957708] ? __pfx_kthread+0x10/0x10 [ 10.957728] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.957747] ? calculate_sigpending+0x7b/0xa0 [ 10.957769] ? __pfx_kthread+0x10/0x10 [ 10.957789] ret_from_fork+0x116/0x1d0 [ 10.957807] ? __pfx_kthread+0x10/0x10 [ 10.957826] ret_from_fork_asm+0x1a/0x30 [ 10.957855] </TASK> [ 10.957864] [ 10.965826] Allocated by task 159: [ 10.966002] kasan_save_stack+0x45/0x70 [ 10.966193] kasan_save_track+0x18/0x40 [ 10.966371] kasan_save_alloc_info+0x3b/0x50 [ 10.966631] __kasan_kmalloc+0xb7/0xc0 [ 10.966767] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 10.967011] kmalloc_track_caller_oob_right+0x19a/0x520 [ 10.967311] kunit_try_run_case+0x1a5/0x480 [ 10.967597] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.967843] kthread+0x337/0x6f0 [ 10.967980] ret_from_fork+0x116/0x1d0 [ 10.968119] ret_from_fork_asm+0x1a/0x30 [ 10.968324] [ 10.968419] The buggy address belongs to the object at ffff8881027a9b00 [ 10.968419] which belongs to the cache kmalloc-128 of size 128 [ 10.968830] The buggy address is located 0 bytes to the right of [ 10.968830] allocated 120-byte region [ffff8881027a9b00, ffff8881027a9b78) [ 10.969402] [ 10.969503] The buggy address belongs to the physical page: [ 10.969921] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027a9 [ 10.970286] flags: 0x200000000000000(node=0|zone=2) [ 10.970572] page_type: f5(slab) [ 10.970726] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 10.971052] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 10.971475] page dumped because: kasan: bad access detected [ 10.971652] [ 10.971748] Memory state around the buggy address: [ 10.971974] ffff8881027a9a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 10.972484] ffff8881027a9a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.972786] >ffff8881027a9b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 10.973042] ^ [ 10.973589] ffff8881027a9b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.973886] ffff8881027a9c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.974149] ==================================================================